Component Type: kbuild config

Description: FS Verity (read-only file-based authenticity protection)

More info: This option enables fs-verity. fs-verity is the dm-verity mechanism implemented at the file level. On supported filesystems (currently EXT4 and F2FS), userspace can use an ioctl to enable verity for a file, which causes the filesystem to build a Merkle tree for the file. The filesystem will then transparently verify any data read from the file against the Merkle tree. The file is also made read-only. This serves as an integrity check, but the availability of the Merkle tree root hash also allows efficiently supporting various use cases where normally the whole file would need to be hashed at once, such as: (a) auditing (logging the file's hash), or (b) authenticity verification (comparing the hash against a known good value, e.g. from a digital signature). fs-verity is especially useful on large files where not all the contents may actually be needed. Also, fs-verity verifies data each time it is paged back in, which provides better protection against malicious disks vs. an ahead-of-time hash. If unsure, say N.

Build project: Kconfig (Linux kconfig) (Path: fs\verity\Kconfig )

Other views: file explorer